Cloudflare and DNSSEC

Mark Constable

This website is now on Cloudflare as of 2018-08-02 so we will get some idea of any performance gains and whether there are any limitations compared to using a single origin web server. The free plan does not offer any local (to me) Australian edge servers which freaked me out the first time I tried Cloudflare a few years ago. My pings times to this server went from 20ms up to about 170ms before I found out about the limitation of no AU cache servers on the free plan.

However the DNS results from https://tools.keycdn.com/ping assures me that DNS lookups are much faster in general from around the world. I’m not too impressed with the actual FTTB (first time to byte) load time via Cloudflare though. Delivery from my own nginx server is a little faster than from Cloudflare but then it’s hard to compete with the reach of 150 points of presence around the world compared to a single web server in Sydney.

Now for my note-to-self: Don’t forget to remove any DNSSEC DS records from a domains upstream Registrar BEFORE trying to transfer that domains Full DNS hosting to Cloudflare.